Pay: private or transparent?
Panama papers and employee pay
The debate about who exactly should publish their UK tax returns, and the increasing scrutiny of individuals’ earnings and tax payments, raises the question of whether there has been a decisive shift in the long-held expectation that an individual’s income remains a private matter.
Of course, many employees in senior public sector roles, or whose earnings are published in annual reports, are already used to some level of disclosure.
However, many would point to lack of proper pay transparency in the UK as a significant barrier to eliminating the gender pay gap. Indeed, consultation closed last month on draft Government regulations requiring companies with more than 250 employees to reveal information in relation to any gender pay gap, with legislation expected to come into force this October. From next year, companies would then have to publish gender pay gap information on their websites, although probably not the details of individual packages.
To some extent, that tension between individual privacy and issues of accountability is already at issue. In the context of freedom of information there remains a tension with the “reasonable expectation of privacy” an employee of a public authority might have, and with the argument that disclosure of details personal to them (whether relating to training, skills, disciplinary matters, pay or even a confidential settlement agreement) would breach their data protection rights. Increasingly, in relation to more senior public officials, this expectation as to privacy is being qualified by the need for increased accountability.
It seems likely that levels of transparency of the cost to the public purse of the employment or indeed dismissal of senior public officials will continue, but only time will tell whether the Panama papers do mark a tipping point towards a more general transparency in the UK.
Contrast this with the more open approach of some Scandinavian countries. Each November in Finland, in what has become known as “National Envy Day”, the media publish the names of around 10,000 top earners (and subsequently top taxpayers). Tax returns have been published openly in Norway for over 150 years.
Changes to data protection
While the debate about increased transparency on earnings continues to rage, mid-April saw a timely announcement that the European Parliament has voted in favour of a new General Data Protection Regulation (“GDPR”), which will replace the current EU Data Protection Directive. As practitioners will know, the Data Protection Act 1998 implements the current Directive. Many of the new requirements will be the same as under the 1998 Act, although there are some differences. Significantly, the Regulation introduces more stringent requirements on obtaining consent from individuals to their personal data being processed.
There is a new requirement which may have implications for employers seeking consent to data processing at the same time as a contract of employment is signed. This is that, “in the context of a written declaration which also concerns other matters, the request for consent must be presented in a manner which is clearly distinguishable from the other matters, in an intelligible and easily accessible form, using clear and plain language”. On this basis, a separate schedule may be required.
Practitioners advising public and private data controllers in the UK (or any EU member state) should be aware that the new legislation will apply directly to them when it comes into force in 2018.
The GDPR also places greater emphasis on the documentation that data controllers must keep in order to demonstrate their accountability. In terms of what to consider, now as ever, awareness and preparation will be key as a starting point.
It would be useful for data controllers to consider risk registers now and what impact the GDPR may have. Controllers may need to organise an information audit to document what personal data is held, where it came from and who it is shared with. Privacy notices may change when the GDPR comes into force, so controllers may need to put a plan in place for making any necessary changes in time. In terms of an individual’s rights, controllers should check that policies and procedures around deletion and provision of data electronically will meet new standards, as well as compliance with subject access requests, as the rules around these in particular will change, with the timescale reducing from 40 days to one month.
Practitioners themselves should have privacy at the top of their agenda for this year. Recently Shell announced a drastic reduction in its legal panel (from 250 globally to six). The first step in its global panel review was to request information from each of its former preferred list of advisers on “data privacy and cybersecurity programmes”. This demonstrates the increasing importance the marketplace puts on issues of privacy.